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DETAILED ACTION 
Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-16, 21 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schultz et al (WO 98/15910) in view of Carter (5787175). 

With respect to Claim 1, Shultz et al meets the limitation of "a method for secured access 
to data in a network including an information center and a plurality of data area access systems 
in which permission to store and define access rights of third parties to data at the information 
center are limited to the owner of rights to said data to be stored" on page 3, lines 1-9, 26-30; and 
"in each case storing the data only once in one of said data area access systems not accessible to 
the owner of the rights" on page 2, lines 28-30, page 3, lines 1, 12-14; and "registering the 
presence of data of a certain type in each data area access system at said information center, 
followed by the owner of the rights to the stored data, should he wish, defining access rights of 
third parties to said data at said information center" is met on page 2, lines 28-30 and page 3, 
lines 26-28; and "transmitting a list of the data present of a certain type, specifying the data area 
access system storing said data, from said information center to a requesting data area access 
system" is met inherently by page 5, lines 3-5; and on page 4, lines 18-25; and "directly 
transmitting said data of said certain type by said data area access system storing said data to said 
requesting data area access system subject to said data area access system storing said data 
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having received a confirmation from said information center" on page 3, lines 20-23 and 26-30 
and on page 4, lines 1-4. The password and WWW address verification inherently discloses a 
confirmation signal being sent from the information center. This is because the information 
center verifies the password and WWW address and must send a signal to communicate a 
successful verification to the data access system. Schultz however does not meets the limitation 
disclosed below. 

The limitation of "the access rights of said requesting data area access system correspond 
to the access rights defined at said information center for said data" is met by Carter on column 
3, lines 31-42. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Carter within the system of Schultz because an access list 
that is modifiable by the user can help the user prevent someone who already had previous 
access from gaining future access to his medical record. This hence gives the user more control 
over who he/she wants to view his/her medical records. 

With respect to Claim 2, the limitation of "wherein an authorization of the storage of data 
and of the definition of the access rights of third parties to the data takes place by means of an 
identity check of the owner of the rights to the data" is met by Shultz et al on page 44, lines 19- 
30 and page 45, lines 1-7. The password authentication is the identity check for the user. 
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With respect to Claim 3, the limitation of "wherein data to be stored are stored in said 
data area access system with an electronic form which contains the type of the data" is met by 
Shultz et al on page 44, lines 15-19. 

With respect to Claim 4, the limitation of "wherein a data area access system storing data 
responds to a request for certain data of a certain type by a requesting data area access system by 
verifying the access rights through an inquiry to the information center as to whether the 
requesting data area access system has access rights to the certain data of a certain type" is met 
by Shultz et al on page 4, lines 28-30 and on page 5, line 1. The technician's password verifies 
his unique access rights to the information center. 

With respect to Claim 5, the limitation of "wherein a data area access system receiving 
certain data of a certain type allows access to the received data only directly after a respective 
reception of said data" is met by Shultz et al on page 3, lines 29-30 and on Fig. 4. Access is 
allowed to the user after his password and a distinctive WWW address are verified. 

With respect to Claim 6, the limitation of "wherein a data area access system storing 
certain data of a certain type grants access to the certain data of a certain type only if a positive 
verification has taken place through an inquiry to the information center as to whether said data 
area access system storing said certain data of a certain type can show access rights for said 
certain data of a certain type" is met by Shultz et al on page 4, lines 28-30. The password and 
WWW address form the certain data that show access rights for the data to be accessed. The 
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technician has a different password from the physicians and hence a different access right applies 
to him than for any other worker. 

With respect to Claim 7, the limitation of "wherein the information center is notified by a 
data area access system having new data about the presence of new data of a certain type, 
whereupon said information center sends a notifying confirmation to the data area access 
system" is met by Shultz et al on page 4, lines 18-25. The subscriber or physician can update the 
patient's records. 

With respect to Claim 8, the limitation of "wherein said data are identified on the basis of 
an identification which is allocated as a unique identification by said information center and is 
transmitted by said information center after a registration of new data to the data area access 
system storing said data, in order for said system to append the respective identification to the 
respective data" is met by Shultz et al on Fig. 3B. The network address is the identification sent 
after the user registers. 

With respect to Claim 9, the limitation of "wherein after an inquiry for data of a certain 
type by a data area access system, said information center prepares a list of all the data present of 
this certain type before it verifies the access rights to the data of the certain type, in order to 
transmit the list of data present of this certain type, specifying the data area access system 
respectively storing these data, to the requesting data area access system for which the requesting 


Application/Control Number: 09/70 1 ,790 Page 6 

Art Unit: 2135 

data area access system can show said access rights" is met by Shultz et al on page 42, lines 12- 
25, and page 44, lines 1-4. 

With respect to Claim 10, the limitation of "wherein when data access is desired by a data 
area access system to data of a certain type, firstly a request for such data of the certain type is 
sent to the information center" is met by Shultz et al on page 42, lines 12-15. 

With respect to Claim 1 1, the limitation of "wherein when data transmission is desired 
from a data area access system storing data to a requesting data area access system, firstly a 
request for certain data of a certain type is sent by the latter system to the data area access system 
storing these certain data of a certain type" is met by Shultz et al on page 42, lines 12-15. 

With respect to Claim 12, the limitation of "wherein the data in a data area access system 
are stored in a secure data memory, no direct access being possible to the data stored therein" is 
met by Shultz et al on page 11, lines 8-23. 

With respect to Claim 13, the limitation of "wherein the type of the data is determined by 
their content and/or the owner of the rights to the data" is met by Shultz et al on page 3, lines 26- 
30. 

With respect to Claim 14, all the limitation is met by Shultz et al except the limitation 
disclosed below. 
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The limitation of "wherein the access rights to stored data can be defined by the owner of 
the rights to the data at any point in time after their registration at the information center and, 
after that, can be changed again as desired by a re-definition by the owner of the rights to the 
data" is met by Carter on column 3, lines 3 1-42. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Carter within the system of Schultz because this allows 
the user more control over who can view his information. He can use this control to prevent a 
physician who already had access in the past from having access in the future due to personal 
reasons. 

With respect to Claim 15, the limitation of "wherein the access rights to stored data can 
be granted by the owner of the rights to the data when they are stored in a data area access 
system" is met by Shultz on page 4, lines 14-17. This is achieved by the user sharing his 
password with any medical establishment of his choice. 

With respect to Claim 16, the limitation of "wherein communication between a data area 
access system and the information center or another data area access system takes place in 
encrypted form" is obvious because encryption is a well known method of making data 
undecipherable to a common eye. The examiner takes official notice on the encryption of a 
patient's medical records because by law, a user's medical records cannot be sent out in clear, 
because this is confidential/secret information. Hence this will necessitate encryption, by law. 


Application/Control Number: 09/70 1 ,790 Page 8 

Art Unit: 2135 

With respect to Claim 21, the limitation of "wherein a participant accessing the network 
must authorize himself and his identity is verified by the information center" is met by Shultz on 
page 44, lines 19-30 and on page 45, lines 1-7. The password and WWW authentication reveals 
this. 

With respect to Claim 23, the limitation of "wherein the permission for storing the data is 
given by the owner of the rights to the data at the latest when the data are registered at the 
information center, said information center not allowing any subsequent data access to these data 
without correct authorization" is met by Shultz on page 44, lines 19-30 and on page 45, lines 1-7 
and on Fig. 3A and 4. 

Claims 17-20 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schultz et al (WO 98/15910) in view of Carter (5787175) in further view of Chen et al 
(5694471). 

With respect to Claim 17, all the limitation is met by the combination of Schultz et al and 
Carter except for the limitation disclosed below. 

The limitation of "wherein the sender provides the information sent by him with a digital 
signature by means of a secret signature code, whereby the recipient can verify the sent 
information by means of an associated public signature code" is met by Chen on column 2, lines 
9-39. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Shultz et al and Carter 
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because a digital signature is a commonly used, well known method for authenticating the sender 
of an information, and hence validate the sender's integrity to the receiver. 

With respect to Claim 18, all the limitation is met by the combination of Schultz et al and 
Carter except for the limitation disclosed below. 

The limitation of "wherein the sender encodes all transmitted data by means of a public 
encryption code issued by the recipient, whereby only the recipient can decode the transmitted 
data by means of a secret encryption code" is met Chen on column 1, lines 40-51. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Schultz et al and Carter 
because public key encryption is a well known means for encrypting data, whereby either side 
has a different encryption key. Public key encryption is utilized by RSA, a well known 
encryption scheme. 

With respect to Claim 19, all the limitation is met by the combination of Schultz et al and 
Carter except for the limitation disclosed below. 

The limitation of "wherein not only each data area access system and the information 
center but also each participant has a secret signature code and a secret encryption code and a 
public signature code and a public encryption code" is met by Chen on column 1, lines 40-51 and 
on column 1, lines 6-22. The public signature code is obvious from the private signature code 
because it will be needed to decrypt the encrypted signature. 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within combination of Shultz et al and Carter 
because of the reasons stated above for Claims 17 and 18. 

With respect to Claim 20, all the limitation is met by the combination of Schultz et al and 
Carter except for the limitation disclosed below. 

The limitation of "wherein the secret signature codes and encryption codes and/or public 
signature codes and encryption codes of a participant are stored on a data carrier, such as a smart 
card" is met by Chen on column 3, lines 52-62. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Shultz et al and Carter 
because of the reasons stated above for Claims 17 and 18. 

With respect to Claim 22, all the limitation is met by the combination of Schultz et al and 
Carter except for the limitation disclosed below. 

The limitation of "wherein the identity of a participant is stored on a data carrier such as a 
smart card" is met by Chen on column 2, lines 9-15. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Chen within the combination of Schultz et al and Carter 
because this would lead to a quicker user authentication since the information center need not be 
contacted to authenticate the user, but simply by authenticating the user by insertion of a smart 
card to a reader/terminal. 
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Claim 24 is rejected under 35 U.S.C 103(a) as being unpatentable over Schultz et al (WO 
98/15910) in view of Carter (5787175) in further view of Auerbach et al (5673316). 

With respect to Claim 24, all the limitation is met by the combination of Schultz et al and 
Carter except the limitation of an electronic watermark used for authentication. 

This is met by Auerbach et al on column 4, lines 40-42. It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to combine the teachings of 
Auerbach et al within the combination of Schultz et al and Carter because watermarking is a well 
known method of copy protection. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tracey Akpati whose telephone number is 703-305-7820. The 
examiner can normally be reached on 8.30am-6.00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 703-305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toM-free) . 


